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COMPLETE SET OF PENDING CLAIMS 

1. (Original) A secure network configured to carry data, comprising: 

a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble 
partitions, each anti-bubble partition having at least one network device configured to 
transmit and receive data, and all of the network devices corresponding to at least one of the 
plurality of anti-bubbles have the same network security policy; and 

a plurality of network control points, each network control point including one or 
more network control point devices having at least one interface, wherein each of the 
plurality of anti-bubble partitions is connected to at least one network control point to form 
an anti-bubble boundary, the network control point is used to provide a connection between 
any two network devices, and wherein at least one of the network control point devices is 
configured to enforce the network security policy of the anti-bubble that is connected to the 
network control point device. 

2. (Original) A secure network as defined in claim 1, further comprising a plurality 
of inter-bubble devices, each inter-bubble device is configured to connect at least two of the 
plurality of anti-bubbles to one another and to enforce the network security policy of each of 
the plurality of anti-bubbles that the inter-bubble device is connected to. 

3. (Original) A secure network as defined in claim 1, wherein each of the plurality 
of anti-bubble partitions that belong to the same anti-bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the 
plurality of anti-bubble partitions. 
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4. (Original) A secure network as defined in claim 1, wherein each of the plurality 
of anti-bubble partitions has no network connectivity to all other anti-bubble partitions within 
the same anti-bubble. 

5. (Original) A secure network as defined in claim 1, wherein each of the plurality 
of anti-bubble partitions is defined by an address range. 

6. (Original) A secure network as defined in claim 5, wherein each of the network 
devices in each of the plurality of anti-bubble partitions has an address contained within the 
address range. 

7. (Original) A secure network as defined in claim 6, wherein each address exists in 
only one of the plurality of anti-bubble partitions. 

8. (Original) A secure network as defined in claim I, wherein each of the plurality 
of network control points ensures source address integrity at each anti-bubble boundary. 

9. (Original) A secure network as defined in claim 1, wherein each of the plurality 
of anti-bubble partitions is connected to at least two network control point devices to achieve 
high availability in the case of a failed interface or network control point device. 

10. (Original) A secure network as defined in claim 1, wherein data may not be 
transmitted between two network devices in different anti-bubble partitions of the same anti- 
bubble. 

1 1 . (Original) A secure network as defined in claim 1 , wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external 
to all of the plurality of anti-bubbles. 
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12. (Original) A secure network as defined in claim 11, wherein each of the plurality 
of network control points ensure source address integrity across the virtual backbone. 

13. (Original) A secure network as defined in claim 1, wherein each network device 
connects to only one network control point. 

14. (Original) A secure network as defined in claim 1, wherein the total number of 
network control points is greater than the number of network control points connected to any 
one particular anti-bubble partition. 

15. (Original) A secure network as defined in claim 1, wherein all data transmitted 
from one network device to another network device traverses only one network control point. 

16. (Original) A secure network as defined in claim 1, wherein all data transmitted 
from one network device to another network device traverses only two network control 
points. 

17. (Original) A secure network configured to transmit data, comprising: 

a first and a second anti-bubble, each anti-bubble having a distinct network security 
policy and a plurality of anti-bubble partitions, each anti-bubble partition having a plurality of 
network devices configured to transmit and receive data; and 

a plurality of network control points, each network control point having one or more 
network control point devices, each network control point device having at least one 
interface, wherein each anti-bubble partition is connected to at least one and no more than 
two network control points to provide a connection between a network device in the first anti- 
bubble and a network device in the second anti-bubble, and wherein each one of the network 
control point devices is configured to enforce the network security policy of at least one of 
the anti-bubbles. 
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18. (Original) A secure network as defined in claim 17, wherein no data can be 
transmitted from any network device in the first anti-bubble to any network device in the 
second anti-bubble. 

19. (Original) A secure network as defined in claim 17, further comprising a bubble 
having a distinct network security policy and a plurality of bubble partitions, each bubble 
partition having a plurality of network devices configured to transmit and receive data. 

20. (Original) A secure network as defined in claim 19, wherein data transmitted 
from a network device in the first anti-bubble to a network device in the bubble traverses one 
or more network control points. 

21. (Original) A secure network as defined in claim 17, wherein the network control 
point enforces source integrity for all anti-bubble partitions that are connected to it. 

22. (Original) A secure network as defined in claim 17, wherein each anti-bubble 
partition connects to only one network control point. 

23. (Original) A secure network as defined in claim 17, further comprising an inter- 
bubble device configured to connect the first anti-bubble to the second anti-bubble and to 
enforce the network security policy of the first and second anti-bubbles. 

24. (Original) A secure network as defined in claim 17, wherein each of the plurality 
of anti-bubble partitions that belong to the same anti-bubble has the same network security 
policy applied at each of the plurality of network control points that are connected to the 
plurality of anti-bubble partitions. 
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25. (Original) A secure network as defined in claim 17, wherein each of the plurality 
of anti-bubble partitions has no network connectivity to any other anti-bubble partitions 
within the same anti -bubble. 

26. (Original) A secure network as defined in claim 17, wherein each of the plurality 
of anti-bubble partitions is connected to at least two network control point devices to achieve 
high availability in the case of a failed interface or network control point device. 

27. (Original) A secure network as defined in claim 17, wherein each of the plurality 
of anti-bubble partitions is defined by an address range. 

28. (Original) A secure network as defined in claim 27, wherein each of the plurality 
of network devices in each of the plurality of anti-bubble partitions has an address contained 
within the address range. 

29. (Original) A secure network as defined in claim 28, wherein each address exists 
in only one of the plurality of anti-bubble partitions. 

30. (Original) A secure network as defined in claim 17, wherein data may not be 
transmitted between two network control point devices in different anti-bubble partitions of 
the same anti-bubble. 

31. (Original) A secure network as defined in claim 17, wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external 
to the first and the second anti-bubbles. 

32. (Original) A secure network as defined in claim 31, wherein each of the plurality 
of network control points ensure source address integrity across the virtual backbone. 
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33. (Original) A secure network as defined in claim 17, further comprising an inter- 
bubble device configured to connect the first anti-bubble to the second anti-bubble and to 
enforce the network security policy of the first and second anti-bubbles. 

34. (Original) A secure network configured to carry data, comprising: 

a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble 
partitions, each anti-bubble partition having at least one network device configured to 
transmit and receive data, and all of the network devices corresponding to at least one of the 
plurality of anti-bubbles having the same network security policy; and 

a plurality of network control points, each network control point including one or 
more network control point devices having at least one interface, wherein each anti-bubble 
partition is connected to only one network control point, which is used to provide a 
connection between any two network devices of different anti-bubbles, and wherein each one 
of the network control point devices is configured to enforce the network security policy of 
the anti-bubble that the network control point device is connected to and wherein when data 
is transmitted from one network device to another network device, two network control 
points are traversed. 

35. (Original) A secure network as defined in claim 34, further comprising a plurality 
of inter-bubble devices, each inter-anti-bubble device is configured to connect at least two of 
the plurality of anti-bubbles to one another and to enforce the network security policy of each 
of the plurality of anti-bubbles that it is connected to. 

36. (Original) A secure network as defined in claim 34, wherein each of the plurality 
of anti-bubble partitions has no network connectivity to any other anti-bubble partitions 
belonging to the same anti-bubble. 
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37. (Original) A secure network as defined in claim 34, wherein no data can be 
transmitted between two devices in different anti-bubble partitions. 

38. (Original) A secure network as defined in claim 34, wherein each of the plurality 
of anti-bubble partitions that belong to the same bubble has the same network security policy 
applied at each of the plurality of network control points that are connected to the plurality of 
anti-bubble partitions. 

39. (Original) A secure network as defined in claim 34, wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external 
to all of the plurality of anti-bubbles. 

40. (Original) A secure network as defined in claim 39, wherein each of the plurality 
of network control points ensure source address integrity across the virtual backbone. 

41. (Original) A secure network as defined in claim 34, wherein each network device 
connects to only one network control point. 

42. (Original) A secure network as defined in claim 34, wherein each of the plurality 
of anti-bubble partitions is defined by an address range. 

43. (Original) A secure network as defined in claim 34, wherein each of the network 
devices in each of the plurality of anti-bubble partitions has an address contained within the 
address range. 

44. (Original) A secure network as defined in claim 43, wherein each address exists 
in only one of the plurality of anti-bubble partitions. 
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45. (Original) A secure network as defined in claim 34, wherein data may not be 
transmitted between two network devices in different anti-bubble partitions of the same anti- 
bubble. 

46. (Original) A secure network as defined in claim 34, wherein each of the plurality 
of network control points ensures source address integrity at the connection between any two 
network devices of the plurality of anti-bubbles. 

47. (Original) A secure network as defined in claim 34, wherein each of the plurality 
of anti-bubble partitions is connected to at least two network control point devices to achieve 
high availability in the case of a failed interface or network control point device. 

48. (Original) A secure network configured to carry data, comprising: 

a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble 
partitions, each anti-bubble partition having at least one network device configured to 
transmit and receive data, and all of the network devices corresponding to at least one of the 
plurality of anti-bubbles have the same network security policy; 

a plurality of bubbles, each bubble having a plurality of bubble partitions, each bubble 
partition having at least one network device configured to transmit and receive data, and all 
of the network devices corresponding to at least one of the plurality of bubbles have the same 
network security policy; and 

a plurality of network control points, each network control point including one or 
more network control point devices having at least one interface, wherein each anti-bubble 
partition and each bubble partition is connected to one of the plurality of network control 
points, which are used to provide a connection between two or more network devices of 
different anti-bubbles and two or more network devices of the plurality of bubbles, and 
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wherein each one of the network control point devices is configured to enforce the network 
security policy of the anti-bubble and bubble that the network control point device is 
connected to. 

49. (Original) A secure network as defined in claim 48, wherein no data can be 
transmitted between two devices in different anti-bubble partitions. 

50. (Original) A secure network as defined in claim 48, wherein data can be 
transmitted from a network device in any of the plurality of anti-bubbles to a network device 
in any of the plurality of bubbles via the plurality of network control points. 

51. (Original) A secure network as defined in claim 48, wherein all data transmitted 
between one device in one of the plurality of anti-bubble partitions and one device in one of 
the plurality of bubble partitions traverse one or more network control points. 

52. (Original) A secure network as defined in claim 48, wherein the plurality of 
network control points are coupled to one another and form a virtual backbone that is external 
to all of the plurality of anti-bubbles and bubbles. 

53. (Original) A secure network as defined in claim 52, wherein each of the plurality 
of network control points ensure source address integrity across the virtual backbone. 

54. (Original) A secure network as defined in claim 48, wherein each of the plurality 
of anti-bubble partitions and bubble partitions is defined by an address range. 

55. (Original) A secure network as defined in claim 54, wherein each of the network 
devices in each of the plurality of anti-bubble partitions and each of the plurality of bubble 
partitions has an address contained within the address range. 


VAKILK\IRV\400781.1 


10 


Patent 
10002247-1 

56. (Original) A secure network as defined in claim 55, wherein each address exists 
in only one of the plurality of anti-bubble partitions or only one of the plurality of bubble 
partitions. 
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